From “Yahoo Says Information on at Least 500 Million User Accounts Was Stolen”
Wall Street Journal (09/23/16) McMillan, Robert. Posted by ASIS.
Yahoo Inc. reported Thursday that hackers backed by an unnamed foreign government penetrated its network in late 2014 and stole personal information from more than 500 million of its users’ accounts. The stolen data included names, email addresses, dates of birth, telephone numbers, and encrypted passwords, Yahoo said. Yahoo said it believes that the hackers are no longer in its corporate network. The company said it did not believe that unprotected passwords, payment-card data, or bank-account information had been affected. In July, Yahoo began investigating claims by hackers who were offering to sell what they said were 280 million Yahoo usernames and passwords. Yahoo said it concluded the information for sale was not legitimate, but the company decided to broaden its probe, eventually determining that it had been breached by “a state-sponsored actor.” Yahoo did not say how the hackers broke into its network or which country sponsored the attacks. The intrusion, in 2014, came during a period when many computer attacks were believed to be the work of China. More recent hacks, however, including of the Democratic National Committee earlier this year, have been blamed on Russia. Both countries have denied involvement in the hacks. The Yahoo breach appears to be the largest ever disclosed, based on the number of users affected, said Paul Stephens, director of policy and advocacy with Privacy Rights Clearinghouse.
From “Crooks Are Selling a Skimmer That Works on All Chip Card Readers”
CSO Online (08/31/16) Korolov, Maria. Posted by ASIS.
Researchers have found a website that claims to sell “the most advanced EMV chip data collector in the world.” The seller says that the device is powered by the point of sale terminal, and can hold information on up to 5,000 credit cards in its memory. The equipment can also be used on machines made by Ingenico and Verifone, as well as terminals on gas station pumps, ticket purchase stations, and on small ATMs, specifically those manufactured by Triton. Andrei Barysevich, director of Eastern European research and analysis at Flashpoint, says that the device is primarily targeted towards Latin America. Latin America is still reliant on static data authentication chips, which allow criminals to create usable new chip cards with the data they catch, making it an easier target. Barysevich also says that the “technology can be used in any point of sale device. It literally takes less than 10 seconds to install, and once installed, it stays there forever.” He said that terminal manufacturers have been notified about the issue.
From “Laptops Most Often Stolen From Most Unlikely Place”
CIO (08/15/16) Olavsrud, Thor. Posted by ASIS.
According to Kensington’s IT Security & Laptop Theft report, the No. 1 place employees had experienced IT theft was ‘cars and transportation’. The No. 2 response, coming in ahead of ‘airports and hotels’ and ‘restaurants’, was the office. Kensington, a supplier of desktop and mobile device accessories, surveyed 300 U.S. IT professionals from a range of industries for the report. The company found that 34 percent of organizations do not have a physical security policy in place for their laptops, mobile devices, and other electronic assets. Additionally, 54 percent of respondents do not currently use physical locks for IT equipment. “Since studies confirm that well-implemented security can significantly decrease laptop theft by as much as 85 percent, it’s important for IT personnel to consistently utilize physical locks for computing and mobile equipment to provide resistance to tampering and theft,” said Rob Humphrey, director of Global Product Management, Security, Kensington.
From “Police: Laptop Used to Reprogram, Steal More Than 100 Cars”
Associated Press (08/05/16) Posted by ASIS.
Police have arrested two men in Houston for allegedly using pirated computer software to steal more than 100 vehicles. Michael Arce, 24, and Jesse Zelaya, 22, focused on new Jeep and Dodge vehicles that are lucrative on the black market in Mexico, authorities said. Using a laptop computer, the men allegedly reprogrammed the targeted vehicles’ electronic security so their own key worked. The stolen vehicles relied on common software used by auto technicians and dealers, according to Houston police officer Jim Woods. Computer security expert Yoni Heilbronn says computerization and Internet connectivity increase vehicle security in some ways, but also increase the risk of theft and malicious disabling. Automakers are cooperating to develop best practices and to share information on cybersecurity threats.
WIRED (08/10/16) Greenberg, Andy.
In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn’t seem to have deterred Garcia and his colleagues from probing more of VW’s flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.
See full story at https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/
From “Local Schools to Use New Security App Directly Connected to Police”
WSBTV.com (Atlanta, GA) (08/08/16) Petchenik, Mike. Posted by ASIS.
The Fulton County school district in Georgia recently launched the QuickTip app, which allows anyone to anonymously report something suspicious to Fulton County school police. School officials hope the app will help keep kids safe in class. Fulton County Schools Director of Safety and Security Shannon Flounnory said he hopes the app will stop a range of bad student behavior. Anyone can download the app on their smartphone through the Fulton County schools app or access it online. The district launched it quietly last year and Flounnory says they’ve had some success.
Full Story: http://www.wsbtv.com/news/local/north-fulton-county/local-schools-to-use-new-security-app-directly-connected-to-police/419250001
From “Hospital Shooting: Florida Facilities Beef up Security With Armed Guards, Random Bag Checks”
Fierce Healthcare (07/25/2016) Minemyer, Paige. Reposted by ASIS.
Central Florida hospitals are bolstering their security in the wake of a deadly shooting at an area facility. The shooting at Parrish Medical Center earlier this month has sparked security concerns in the area. Parrish itself has reportedly increased security in its emergency department and main entrance, instituting random bag checks, and restricting access at certain locations within the facility. Health First, a system that owns four other hospitals in the same county, is also implementing those measures, as well as employing armed guards, which has some worried that patient safety will be endangered. Orlando Health, the hospital that treated the majority of patients injured in the Pulse nightclub shooting, is now screening people entering its hospitals with wand and bag checks. Hospitals across the country are increasingly planning for active shooter situations in their facilities, or to handle a sudden overflow of patients should a shooting occur elsewhere.